What does the forthcoming year hold for Distributed Denial of Service (DDoS)?
Whilst we don’t possess a crystal ball at activereach® we do pride ourselves on keeping up with the latest thinking and, of course, we are in daily touch with our customers who are at the sharp end of this malicious form of cyberattack.
As the old year fades into the distance, we’ve been sifting through the DDoS attack predictions of a range of leading IT think tanks, commentators, vendors and security experts. As January is traditionally the time to reflect on what’s coming down the road, here’s our round-up of what we can expect in 2017.
Speculations on the direction of DDoS tend to form over two levels: generalised predictions on the nature and scale of attacks, and specific warnings about malware technologies and approaches.
General DDoS attack predictions for 2017
Looking, firstly, at general predictions, the consensus is pretty bleak. CIO magazine probably summarises the cybersecurity situation best, bluntly stating that 2016 had been “hell” and that there was no reason to believe 2017 would be better, indeed adding: “it could be even worse”.1
Developing this theme, The World Economic Forum, whose annual get-together in Davos has just taken place, issue an annual global risks report. This year’s report notes that cybersecurity has been moving up the ranks of its annual list of risks and threats to the world economy for several years, and that this year, risk of “large-scale cyberattacks” had risen to sixth position. Particularly noteworthy was a warning that such large-scale attacks could lead to “widespread loss of trust in the Internet”.2 Patrick Miller, a partner at Archer Security Group, backs this up, writing that as data breaches and DDoS attacks mount, “security failure fatigue” will set in, leading to a lowering of trust in systems. In his view 2017 may be a nadir, as we find out “what the bottom of the [security] barrel looks like”.3
DDoS attacks are scaling up…and up
More specifically, Deloitte, along with many others, worry about the scale of DDoS attacks, warning that we are entering the “terabit era”.4 They predict that in 2017, DDoS attacks will become larger in scale, more frequent, and perhaps most worryingly, harder to mitigate. They specifically warn that “Any organization that is increasing its dependence on the Internet should be aware of a potential spike in the impact from such attacks” (p. 9). Their experts expect that there will be on average a terabit per second (Tbps) DDoS attack per month, over 10 million attacks in total, and an average attack size of between 1.25 and 1.5 Gbps.
Akamai, whose quarterly reports on the state of the Internet are widely read, also predicts an increase in attack scale, noting that in the third quarter of 2016 whilst overall number of DDoS attacks they traced fell slightly from the previous quarter, the number of large attacks, as well as the size of the biggest attacks, grew significantly.5 Comparing between 2015 and 2016 they found a 71% increase in total DDoS attacks. Q3 alone saw nineteen mega attacks (defined as greater than 100Gbps).
The terabit-scale DDoS attack scenario is backed up by network security specialists, Corero, who argue that such attacks will “become the new norm” and could impact the “Internet backbone itself”.6 Arguing that DDoS is set to become a top security priority in 2017, they foresee “increased disruption to businesses and government due to rising threat levels”.
Tibus, a leading UK hosting provider, go further, arguing that the sheer scale of the latest attacks indicate that there has been a step change in the type of criminal organization that is involved in staging attacks with large-scale commercial entities and even nation states becoming involved.7
The prize, however, for bleakest forecaster must go to James Carder of US technology security vendor LogRhythm, who recently told the Business Insider website that the large-scale DDoS attacks we saw in late 2016 were “just tests” whereby criminals were “testing missiles by shooting them into the ocean”.8 The next step is to shut down the Internet for 24 hours. Is he DDoS’s Cassandra? We’ll see in the next twelve months…Read on
 Florentine, S., ‘2017 security predictions’, CIO.com, 30th Nov 2016.
 World Economic Forum, The Global Risks Report 2017 12th Edition (Geneva: WEF, Jan 2017), p.62.
 Bisson, D., ‘Divining Infosec: Security Experts’ Predictions for 2017’ [blog], The State of Security (3rd Jan 2017).
 Deloitte, Technology, Media and Telecommunications Predictions 2017 (London: Deloitte, Jan 2017).
 Akamai, Akamai’s [state of the internet] / security Q3 2016 report (Cambridge, Mass.: Akamai Technologies, Inc., Nov 2016).
 Larson, D., ‘DDoS Attack Predictions for 2017’ [blog], Corero (14th Dec, 2016).
Tibus, ‘2017 set to be the year of DDoS’ [blog], Tibus (11th Jan 2017).
 Yoo, T., ‘PREDICTION: The Internet will shut down for 24 hours next year’, Business Insider UK, 21st Dec 2016.